Move deprecated directives since version 8 to its own spec test #108

Closed
frederikbosch wants to merge 3 commits into dev-sec:master from frederikbosch:sshd-8
@frederikbosch
sshd(8) no longer supports the old SSH protocol 1, so all the configuration
options related to it are now deprecated and should be removed from
/etc/ssh/sshd_config. These are:

KeyRegenerationInterval
RSAAuthentication
RhostsRSAAuthentication
ServerKeyBits

The Protocol option is also no longer needed, although it is silently
ignored rather than deprecated.

https://salsa.debian.org/ssh-team/openssh/commit/fb87db8aa47d3508be8e5bb1d21897fa1f2eca90

@frederikbosch
Author

frederikbosch commented Jul 30, 2018

Since multiple directives have been deprecated since version 8 of OpenSSH, there is a need for a permanent solution for specific versions of OpenSSH. See also PR 194 for the Chef implementation of SSH Hardening. Therefore, I moved ssh-14 and ssh-15 to their own spec test, because they are the ones that are subject to the deprecations.

Honestly, I have no Ruby experience, let alone InSpec. Because I think tests of deprecated features belong in their own domain, I moved them into a specific spec test. This specific test contains an only_if statement to match versions before version 8. Hopefully I implemented this one correctly.

@artem-sidorenko
Member

@frederikbosch thanks for this PR! I'm closing it, however, in favour of #110, where checking for different ssh versions is implemented. Can I ask you to review #110?

@frederikbosch
Author

Done!
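
The directives named in the commit message above can be located in an existing configuration before they are removed. The following Ruby scanner is an added example, not code from this PR, from #110, or from the dev-sec baseline; the function names and the sample configuration are constructed for illustration, and the two directive lists are taken from the commit message.

```ruby
# Added example: find SSH protocol 1 leftovers in sshd_config text.
# Directive lists come from the commit message quoted in this PR.
DEPRECATED = %w[KeyRegenerationInterval RSAAuthentication
                RhostsRSAAuthentication ServerKeyBits].freeze
IGNORED = %w[Protocol].freeze # silently ignored rather than deprecated

Finding = Struct.new(:line, :directive, :status, :value)

# sshd_config keywords are case-insensitive, so index by lowercase name.
CANONICAL = (DEPRECATED.map { |d| [d.downcase, [d, :deprecated]] } +
             IGNORED.map { |d| [d.downcase, [d, :ignored]] }).to_h.freeze

# Returns one Finding per active (non-comment) line using a listed directive.
def scan_sshd_config(text)
  findings = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    # Keyword and argument are separated by whitespace; the OpenSSH
    # config parser also accepts a single '=' between them.
    keyword, value = line.split(/\s*=\s*|\s+/, 2)
    name, status = CANONICAL[keyword.downcase]
    next unless name
    findings << Finding.new(lineno, name, status, value.to_s.strip)
  end
  findings
end

# Human-readable lines for review or for a CI log.
def report(findings)
  findings.map { |f| "line #{f.line}: #{f.directive} (#{f.status}) = #{f.value}" }
end

# Constructed sample input, not a real host's configuration.
SAMPLE_CONFIG = <<~CONF
  # hardened sshd_config (constructed sample)
  Port 22
  Protocol 2
  serverkeybits=1024
  #RSAAuthentication yes
    KeyRegenerationInterval 1h
  PermitRootLogin no
  Match User backup
      RhostsRSAAuthentication no
CONF

puts report(scan_sshd_config(SAMPLE_CONFIG)) if __FILE__ == $PROGRAM_NAME
```

Commented-out directives are skipped on purpose, since they have no effect on the running daemon; directives inside `Match` blocks are still reported.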
